GHSA-67rr-84xm-4c7r

Suggest an improvement
Source
https://github.com/advisories/GHSA-67rr-84xm-4c7r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-67rr-84xm-4c7r/GHSA-67rr-84xm-4c7r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-67rr-84xm-4c7r
Aliases
Published
2025-07-03T21:14:48Z
Modified
2025-07-03T21:49:52Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Next.JS vulnerability can lead to DoS via cache poisoning
Details

Summary

A vulnerability affecting Next.js has been addressed. It impacted versions 15.0.4 through 15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.

Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page

More details: CVE-2025-49826

Credits

  • Allam Rachid zhero;
  • Allam Yasser (inzo)
Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-03T21:14:48Z",
    "nvd_published_at": "2025-07-03T21:15:27Z",
    "cwe_ids": [
        "CWE-444"
    ],
    "severity": "HIGH"
}
References

Affected packages

npm / next

Package

Affected ranges

Type
SEMVER
Events
Introduced
15.0.4-canary.51
Fixed
15.1.8